Skip to main content
HN HNJA Holdings
  • Home
  • Privacy
  • Terms

Legal

Privacy Policy

Effective Date: July 1, 2026 — Last Updated: July 1, 2026

Contents

  1. Who We Are and Scope of This Policy
  2. Information We Collect
  3. How We Collect Information
  4. How We Use Your Information
  5. Legal Bases for Processing
  6. How We Share Information
  7. Data Retention
  8. Your Privacy Rights
  9. Security Measures
  10. Cookies and Tracking Technologies
  11. Children's Privacy
  12. International Data Transfers
  13. Changes to This Policy
  14. Contact and Complaint Resolution

1. Who We Are and Scope of This Policy

HNJA Holdings LLC is a computer systems design and integration firm organized under the laws of the United States with its principal place of business at:

HNJA Holdings LLC
2108 N St Ste N
Sacramento, CA 95816-5712
United States

This Privacy Policy describes how HNJA Holdings LLC (referred to throughout as HNJA Holdings, the Company, we, us, or our) collects, uses, stores, shares, and protects information about individuals who visit our website at https://www.hnjaholdings.lol, engage with us for services, submit inquiries, or otherwise interact with us in the course of our business operations.

This policy applies to all information we process as a data controller — meaning that we determine the purposes and means of processing your personal data. When we provide systems integration or managed IT services to our clients, we may also act as a data processor on their behalf; in those circumstances, the client’s privacy policy governs the processing, and you should refer to that policy directly.

2. Information We Collect

We collect only the information necessary to provide and improve our services, respond to inquiries, and meet our legal and contractual obligations. The categories of information we may collect include:

2.1 Information You Provide Directly

  • Contact and identity data — full name, email address, telephone number, job title, company name, and physical mailing address when you fill out a contact form, request a consultation, or correspond with us.
  • Project and engagement data — descriptions of your infrastructure, technical requirements, timelines, and business objectives that you share when engaging our services.
  • Account data — if we provide you with access to a client portal, we may collect your username, hashed password, and access logs.
  • Payment data — invoicing details and transaction records. We do not store full credit card numbers or bank account credentials on our systems; payment processing is handled by PCI-DSS compliant third-party processors.
  • Communication data — the content and metadata of emails, phone calls, support tickets, and other correspondence with our team.

2.2 Information Collected Automatically

  • Device and browser data — IP address, browser type and version, operating system, device type, screen resolution, and language settings.
  • Usage data — pages visited, time spent on pages, referral sources, navigation paths, and interactions with site elements.
  • Network data — internet service provider, approximate geolocation derived from IP address, and connection speed metrics.
  • Diagnostic data — error logs, crash reports, and performance telemetry that help us maintain site reliability.

2.3 Information We Do Not Collect

We do not knowingly collect sensitive categories of personal data (such as government-issued identification numbers, biometric data, or data concerning health, race, religion, or political opinions) through our website or general business operations. If such data appears in project materials provided by a client, it is processed solely under the terms of the applicable client services agreement.

3. How We Collect Information

We collect information through the following channels and methods:

  • Website forms — when you submit a contact form, download a resource, or request a consultation through our website.
  • Direct correspondence — when you email, call, or meet with our team members in the course of business development or service delivery.
  • Service engagement — during the scoping, design, deployment, and monitoring phases of an active client engagement.
  • Automated collection — through cookies, server logs, and analytics tools when you browse our website. Further detail is provided in Section 10 of this policy.
  • Third-party sources — on occasion, from business intelligence platforms, industry directories, and professional networks where you have made your professional contact information publicly available and we have a legitimate business interest in reaching out.

4. How We Use Your Information

We use the information we collect for the following purposes:

  • Service delivery — to design, propose, and deliver computer systems integration, cloud architecture, cybersecurity, managed IT, and advisory services that you have requested.
  • Communication — to respond to your inquiries, provide project updates, deliver technical documentation, and send service-related notifications.
  • Business operations — to invoice for services, manage accounts, enforce our terms of service, and maintain internal business records.
  • Improvement and analytics — to analyze website usage patterns, diagnose technical issues, improve user experience, and optimize service delivery methodologies.
  • Security and compliance — to detect, prevent, and respond to fraud, unauthorized access, security incidents, and other harmful activities; to comply with applicable laws, regulations, and legal process.
  • Marketing and outreach — with your consent where required by law, we may send you newsletters, case studies, white papers, event invitations, and information about services relevant to your interests. You may opt out of marketing communications at any time using the unsubscribe link in each email or by contacting us directly.

We do not use your personal data to make automated decisions that produce legal or similarly significant effects on you.

5. Legal Bases for Processing

Depending on your jurisdiction and the nature of our interaction, we rely on the following legal bases to process your personal data:

  • Contractual necessity — processing is necessary to perform a contract with you (such as a services agreement) or to take steps at your request before entering into a contract.
  • Legitimate interests — processing is necessary for our legitimate business interests or those of a third party, provided those interests are not overridden by your rights and freedoms. Legitimate interests include operating and improving our business, securing our systems, and marketing our services to business clients.
  • Consent — where you have given clear, specific, and informed consent for us to process your data for a particular purpose. You may withdraw consent at any time; withdrawal does not affect the lawfulness of processing that occurred before withdrawal.
  • Legal obligation — processing is necessary to comply with applicable laws, regulations, court orders, or binding government requests.

6. How We Share Information

We do not sell personal data. We share information only as described below and only under appropriate contractual safeguards:

  • Service providers — with carefully vetted vendors who perform functions on our behalf, including cloud hosting, email delivery, payment processing, analytics, and customer relationship management. These providers are contractually bound to process data only on our documented instructions and to implement appropriate security measures.
  • Professional advisors — with our attorneys, accountants, auditors, and insurers when reasonably necessary for the operation of our business and the protection of our legal interests.
  • Business transfers — in connection with a merger, acquisition, reorganization, or sale of all or a portion of our assets, your data may be transferred to the successor entity subject to the terms of this policy.
  • Legal and regulatory disclosures — when required by subpoena, court order, or applicable law; to establish or defend our legal rights; or to respond to a government or regulatory request with valid jurisdiction.
  • With your consent — we may share your information with third parties when you have explicitly directed or consented to such sharing.

7. Data Retention

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, or as required by applicable law. Our retention criteria include:

  • Active client engagements — data related to an active project is retained for the duration of the engagement plus seven years following project completion, consistent with our contractual obligations, professional liability coverage periods, and applicable statutes of limitation.
  • Inquiry and prospect data — contact form submissions and pre-engagement correspondence are retained for two years from the most recent interaction, after which they are securely deleted or anonymized.
  • Website analytics — aggregated and pseudonymized usage data may be retained indefinitely for trend analysis; raw logs containing IP addresses are purged on a rolling 90-day cycle.
  • Marketing communications — contact details used for marketing are retained until you unsubscribe, after which we maintain a suppression list to ensure we honor your opt-out permanently.

8. Your Privacy Rights

Depending on your jurisdiction, you may have some or all of the following rights regarding your personal data:

  • Right to access — request a copy of the personal data we hold about you, along with information about how it is processed.
  • Right to rectification — request correction of inaccurate or incomplete personal data.
  • Right to erasure — request deletion of your personal data in certain circumstances, such as when it is no longer necessary for the purposes for which it was collected.
  • Right to restriction — request that we limit the processing of your data in certain circumstances, such as while we verify the accuracy of contested data.
  • Right to data portability — request a copy of your data in a structured, commonly used, and machine-readable format, and transmit it to another controller where technically feasible.
  • Right to object — object to processing based on legitimate interests, including profiling and direct marketing.
  • Right to withdraw consent — withdraw consent at any time where processing is based on consent.
  • Right to non-discrimination — we will not discriminate against you for exercising any of your privacy rights.

To exercise any of these rights, please contact us using the details in Section 14. We will verify your identity before processing your request and will respond within the timeframe required by applicable law — typically within 30 to 45 days. If we need additional time, we will notify you and explain the reason for the delay.

If you are a California resident, you may designate an authorized agent to submit a request on your behalf. The California Consumer Privacy Act (CCPA) affords California consumers specific rights, including the right to know what personal information we collect, use, and disclose, and the right to request deletion. We honor these rights as described in this section.

If you are in the European Economic Area, the United Kingdom, or Switzerland, you have the right to lodge a complaint with your local data protection supervisory authority if you believe our processing of your personal data violates applicable law.

9. Security Measures

We implement and maintain technical, administrative, and physical safeguards designed to protect the confidentiality, integrity, and availability of personal data. These measures include:

  • Encryption — data in transit is protected using TLS 1.3; data at rest is encrypted using AES-256.
  • Access controls — role-based access control with multi-factor authentication, principle of least privilege enforcement, and quarterly access reviews.
  • Network security — next-generation firewalls, intrusion detection and prevention systems, network segmentation, and continuous traffic monitoring.
  • Vulnerability management — regular penetration testing, automated vulnerability scanning, and a structured patch management program with defined SLAs based on severity.
  • Incident response — a documented incident response plan with defined roles, communication protocols, and notification procedures that comply with applicable breach notification laws.
  • Training and awareness — all personnel with access to personal data receive annual privacy and security training.
  • Third-party risk management — security assessments and contractual data protection addenda for all vendors who process personal data on our behalf.

While we strive to protect your data, no method of electronic storage or transmission is 100% secure. We cannot guarantee absolute security, and you share information with us at your own risk.

10. Cookies and Tracking Technologies

Our website uses cookies and similar technologies to enhance your browsing experience, analyze site traffic, and understand where our visitors come from. The specific types we deploy are:

  • Essential cookies — necessary for the core functionality of the website, such as session management, form submissions, and security. These do not require consent under most privacy frameworks.
  • Analytics cookies — we use privacy-focused analytics that aggregate and anonymize data; we do not use third-party advertising cookies or tracking pixels that build behavioral profiles for ad retargeting.
  • Preference cookies — store your display preferences, such as accessibility settings, for a more consistent browsing experience on return visits.

You may control and delete cookies through your browser settings. Most browsers allow you to block all cookies, block third-party cookies, or clear cookies upon exiting the browser. Note that disabling essential cookies may affect the functionality of our website.

11. Children’s Privacy

Our website and services are directed at business professionals and organizations. We do not knowingly collect, use, or disclose personal data from children under the age of 16. If we become aware that we have inadvertently collected personal data from a child without verifiable parental consent, we will promptly delete that data. If you believe we may have information from or about a child, please contact us immediately using the details in Section 14.

12. International Data Transfers

HNJA Holdings LLC is headquartered in the United States and processes data primarily on infrastructure located within the United States. When we engage service providers or clients in other countries, your data may be transferred to and processed in jurisdictions that may have data protection laws different from those in your country of residence.

For transfers of personal data from the EEA, UK, or Switzerland to the United States, we rely on appropriate safeguards recognized by applicable data protection law, including Standard Contractual Clauses approved by the European Commission, the UK International Data Transfer Agreement, or adequacy decisions where applicable. We conduct transfer impact assessments and implement supplementary measures where necessary to ensure an equivalent level of protection.

13. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal obligations, or the operational environment. When we make material changes, we will post the updated policy on this page with a revised effective date and, where reasonably practicable, provide notice via email to clients with active engagements or through a prominent notice on our website at least 30 days before the change takes effect.

Your continued use of our website or services after the effective date of any update constitutes your acknowledgment of the revised policy. We encourage you to review this page periodically.

14. Contact and Complaint Resolution

For questions about this Privacy Policy, to exercise your rights, or to raise a concern about our data practices, please contact us using any of the following methods. We take privacy seriously and will work to resolve your concern promptly and fairly.

Email: info@hnjaholdings.lol

Phone: +1 (728) 529-7419

Postal mail:

HNJA Holdings LLC
Attn: Privacy Office
2108 N St Ste N
Sacramento, CA 95816-5712
United States

HN HNJA Holdings LLC

Computer Systems Design and Integration — engineered from Sacramento, deployed nationwide.

Quick Links

  • Home
  • About
  • Services
  • Industries
  • Contact

Legal

  • Privacy Policy
  • Terms of Service

Contact

2108 N St Ste N
Sacramento, CA 95816-5712
United States
+1 (728) 529-7419
info@hnjaholdings.lol

© 2026 HNJA Holdings LLC. All rights reserved.